Restricting User Login IPs
Syntax: CREATE/ALTER USER user [auth_option] [expiration_option | lock_option | host_option] …
host_option: {
hosts 'host_list'
}
Example:
create user bai2 identified by 'mypasswd1' hosts '172.16.3.55 172.16.3.58';
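- Create an administrator user and grant it all privileges (DBA user privileges):
create user adminuser identified by 'mypasswd1' hosts '172.16.3.55 172.16.3.58';
grant all privileges on *.* to adminuser@'%' with grant option;
- Use adminuser to create a regular user and grant it privileges:
create user myuser1 identified by 'mypasswd1' hosts '172.16.3.55 172.16.3.58';
grant select,insert,update,delete on db1.* to myuser1@'%';
-- GBase 8a user privilege management can grant different privileges on different databases and tables; see section 4.6.2 "Privilege Management" of the SQL manual.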
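- Add a whitelisted IP address for user myuser1
-- Connecting to the database from the 3.56 IP is refused with a no-permission error:
[gbase@hd56 ~]$ gccli -umyuser1 -pmypasswd1 -h172.16.3.160
ERROR 1130 (HY000): Host '172.16.3.56' is not allowed to connect to this GBase server
-- Add 3.56 to the IP address list
alter user myuser1 hosts '172.16.3.55 172.16.3.58 172.16.3.56';
hosts specifies the list of IPs allowed to connect; the IPs are separated by spaces, and the wildcards % and _ are supported.
-- GBase 8a's user security features, which cover settings such as user IP addresses and password strength, are described in chapter 12 "Security Management" of the Administrator's Manual.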
- View a user's whitelisted IP list
select host,user,host_list from gbase.user_check where user='myuser1';
- View the privileges a user holds
show grants for myuser1;
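
An added example (not from the original page or from GBase documentation): a small Python audit of host_list values, such as those returned by the user_check query above, that counts how many addresses in a subnet each entry admits. It assumes % and _ behave as SQL LIKE wildcards (any run of characters, exactly one character), as in MySQL host matching; the function names and sample rows are constructed for illustration.

```python
import ipaddress
import re

def pattern_to_regex(pattern):
    """Translate one host_list entry to an anchored regex (LIKE semantics assumed)."""
    parts = []
    for ch in pattern:
        if ch == "%":
            parts.append(".*")      # % = any run of characters (assumption)
        elif ch == "_":
            parts.append(".")       # _ = exactly one character (assumption)
        else:
            parts.append(re.escape(ch))
    return re.compile("^" + "".join(parts) + "$")

def is_allowed(client_ip, host_list):
    """True if client_ip matches any space-separated entry of host_list."""
    return any(pattern_to_regex(p).match(client_ip) for p in host_list.split())

def matches_in_subnet(entry, cidr):
    """List the addresses of cidr that a single host_list entry would admit."""
    rx = pattern_to_regex(entry)
    return [str(ip) for ip in ipaddress.ip_network(cidr) if rx.match(str(ip))]

def audit(rows, cidr, limit=1):
    """Return (user, entry, count) for entries admitting more than `limit` addresses."""
    findings = []
    for user, host_list in rows:
        for entry in host_list.split():
            count = len(matches_in_subnet(entry, cidr))
            if count > limit:
                findings.append((user, entry, count))
    return findings

# Constructed sample rows in (user, host_list) form; only myuser1 appears on the page.
SAMPLE_ROWS = [
    ("myuser1", "172.16.3.55 172.16.3.58 172.16.3.56"),
    ("report", "172.16.3.5_"),   # hypothetical user
    ("etl", "172.16.3.5%"),      # hypothetical user
    ("legacy", "172.16.%"),      # hypothetical user
]

if __name__ == "__main__":
    for user, entry, count in audit(SAMPLE_ROWS, "172.16.3.0/24"):
        print(f"{user}: entry {entry!r} admits {count} addresses in 172.16.3.0/24")
```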




